Recently discovered vulnerabilities in the Domain Name System (DNS) suggest that an attacker may be able to hijack the process of looking up a website using a domain name (the “directory lookup”). The purpose of this type of attack is to take control of the session with an aim of sending the user to the hijacker's own deceptive website for purposes of collecting account and password information (phishing).
The Domain Name Security (DNSSEC) extension is a technology based on an open standard specification that provides both the end user and the provider of Internet domain name related services with the assurance that a domain name address is indeed correct and can be trusted.
DNSSEC uses a “chain of trust” initiated from the top of the Internet domain name system (the “ROOT”) down to the actual domain name being used. This mechanism is used to verify that the requested domain name records are indeed correct and can be trusted.
DNSSEC extends the existing domain records to include a Digital Signature (DS). The DS is applied to a domain by its owner, which identifies a domain’s authenticity so that users may trust it. In order to be effective, DNSSEC must be deployed at each step in the domain lookup from root zone to final domain name.
Example: DNSSEC Directory Lookup for example.africa
Full deployment of DNSSEC throughout the domain name system will ensure that the end user is connecting to the actual website or other service corresponding to a particular domain name. Although this will not solve all the security problems of the Internet, it does protect a critical piece of it - the directory lookup - complementing other technologies such as SSL (https:) that protects the "conversation".
The ZACR – as the designated operator of .ZA SLDs - is currently making a considerable investment in both hardware and software infrastructure to provide DNSSEC for the .ZA Top Level Domain (TLD) and SLDs (.ZA, CO.ZA, ORG.ZA etc.) and the new generic Top Level Domains currently under application with ICANN (.AFRICA, .CAPETOWN , .DURBAN and .JOBURG).
The ZACR’s DNSSEC implementation will make use of Hardware Security Modules (HSMs), which ensure the security of the DS keys, and thus improving the chain of trust in the various name spaces.
The ZADNA and ZACR will adopt a prudent approach of implementing DNSSEC in a coordinated and uniform manner across the .ZA namespace, from the top level to second and third levels. A successful DNSSEC implementation not only requires the implementation of the necessary technical infrastructure, but also requires a suitable policy framework and an extensive awareness campaign directed at users and services providers within .ZA. This process is currently underway and further details will be communicated to the public in due course.
HSM's provided by Altech
Ask your Domain Registrar or ISP about dotAfrica domain registrations. You may wish to participate in Sunrise if you have any rights to the name. Find a dotAfrica Domain Registrar here.
For the latest status updates, please visit dotafrica.org.
The .africa TLD will be launched in two phases, namely:
If you are a trademark holder ICANN prescribes a process, which we as the Registry Operator need to follow to ensure that genuine trademarks are protected and sold to the valid entity. The trademark holder will need to register their trademarks with the ICANN Trademark Clearing House or the Mark Validation System.
This will depend on individual Registrar pricing, in which launch phase you register the domain and if the domain is a premium name or not.
There are various protection mechanisms and policies, which the Registry Operator needs to adhere to and we are also bound by ICANN to make these policies part of our operations.
The various policies include:
See the Policy menu item above for more information.
Pre-registration .africa domain names will not be possible. Any application submitted during the dotAfrica Sunrise phase must have a corresponding validation token (SMD) in order to obtain the highest possible priority allocation.
If an applicant wants to secure the best possible claim to a domain name application during the launch, it must be associated with a pre-validated trade mark in either the TMCH or MVS. Without this a claim to the corresponding domain name is relegated to lesser priority status. The official way in which you can best secure your rights to a name in the new .africa namespace would be through the pre-validation of a registered mark.
See the MVS at www.markvalidation.com for more information.
dotAfrica is the new Top Level Domain (TLD) for the African continent: It is an African initiative created by Africans for Africans and the worldwide audience of companies, organisations and individuals interested in, associated with and connected with the African community and markets.
The dotAfrica initiative is fully endorsed by the African Union (AU) and has widespread support across the continent - from African governments, the business sector, civil society and the technical community. dotAfrica is led by a multi-stakeholder Steering Committee from across the continent.
This functionality will be made available soon. Government Representatives must register first and domains must be accepted into the RNL to display data here. Please check back soon!